Service announcements
2018-04-27 11:51: Drupal - critical security updateAll versions of Drupal have critical security vulnerabilities that lets anyone take complete control over a website.
The issue was resolved in the following versions of Drupal released 25 april 2018:
- 8.5.3
- 7.59
Additionally, as a one-time exception, 8.4 has been updated with version 8.4.8. Drupal recommends that 8.x users upgrade to 8.5.3, as only 8.5.x has security support.
Source: Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004 (CVE-2018-7602)